Security news aggregator

Latest coverage for SIEM

SIEM tools correlate security logs to detect suspicious activity sooner, but reliable alerts depend on complete data, tuning, and response plans.

24 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Security information and event management (SIEM) centralizes logs and security alerts from systems such as identity providers, endpoints, applications, and network devices. It normalizes and correlates events so analysts can identify activity that a single log may not show, such as a suspicious login followed by privilege changes and data access. SIEMs can also support investigation through search, retention, and automated response actions.

Its value depends on trustworthy, relevant telemetry: attackers may exploit unmonitored systems, disable logging, or generate noise that hides meaningful alerts. Poorly protected logs can also expose credentials or personal data and create compliance obligations. Effective practice is to define priority detection cases, collect and time-synchronize the necessary events, restrict and monitor access to logs, protect their integrity and retention, and continuously tune and test detections. SIEM alerts should feed a documented triage and incident-response process rather than be treated as proof of compromise.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 24 Filtered view

Startup Maps Detections Against MITRE ATT&CK and Recommends Missing ProtectionsCribl acquired Boston-based detection engineering startup CardinalOps to help organizations continuously measure MITRE ATT&CK coverage, automate TTP-based detections across SIEM platforms and move behavioral threat detection closer to the telemetry pipeline.

System Translates Detection Rules Across Security PlatformsResearchers developed an AI framework that converts threat detection rules between major SIEM platforms including Splunk, Microsoft Sentinel and QRadar. The system uses LLMs and automated validation steps to preserve detection logic during migrations that often require months of manual work.

Felicis-Led Series A Backs Telemetry Correlation Across Cloud, Identity, EndpointsArtemis, a New York startup led by former Amazon GuardDuty product leader Shachar Hirshberg, emerged from stealth with $70 million to build an AI-driven SIEM alternative that correlates telemetry across enterprise environments, tailors detections and speeds investigations.

Cyderes Aims to Fuse Identity, AI and Risk Signals in One Platform With Lucidum BuyCyderes has acquired Lucidum to expand its identity threat detection capabilities. Lucidum’s unique tagging and data integration will strengthen Cyderes' AI engine, enabling earlier detection of threats and human risk-based response by unifying off-SIEM telemetry with identity data.

Bank Info Security 9 months, 1 week ago

Exabeam CEO Integrates AI Agents in SIEM Push

Pete Harteveld Seeks to Strengthen Security Operations With Programmatic ApproachNew Exabeam CEO Pete Harteveld emphasizes securing AI agents, minimizing tool sprawl and promoting defined security outcomes. His roadmap builds on recent success and aims to deliver programmatic SIEM and UEBA innovations to improve analyst efficiency and benchmarking.

Bank Info Security 9 months, 1 week ago

Exabeam CEO Integrates AI Agents in SIEM Push

Pete Harteveld Seeks to Strengthen Security Operations With Programmatic ApproachNew Exabeam CEO Pete Harteveld emphasizes securing AI agents, minimizing tool sprawl and promoting defined security outcomes. His roadmap builds on recent success and aims to deliver programmatic SIEM and UEBA innovations to improve analyst efficiency and benchmarking.

Bank Info Security 9 months, 4 weeks ago

Vega Secures $65M to Scale SecOps, Take On Traditional SIEMs

Funding Supports Threat Hunting, Natural Language to Replace Legacy DetectionVega aims to replace patchwork AI integrations with an analytics layer that enables real-time, natural language detection across distributed data. Backed by Accel, the company will double headcount, improve detection tuning and reduce false positives without a SIEM rip-and-replace required.

Bank Info Security 10 months, 1 week ago

SentinelOne Buys Observo AI for $225M to Fuel Data Ingestion

Observo Buy Gives Customers Real-Time SIEM Ingestion and Vendor-Agnostic OptionsSentinelOne’s Observo AI buy gives customers a flexible, AI-powered data pipeline for faster detection and SIEM freedom. The acquisition bolsters its AI-native SIEM vision and offers a lower-cost, real-time alternative to traditional solutions such as Splunk.

Bank Info Security 10 months, 2 weeks ago

CrowdStrike Buys Onum for $290M to Boost SIEM Data Ingestion

Buying Spanish Startup Brings Real-Time Data Pipeline Tech to Boost SOC EfficiencyCrowdStrike announced plans to acquire Spanish startup Onum Technology for $290 million. The move brings advanced data pipeline tools into its Falcon platform, speeding up threat detection and consolidating SOC workflows for customers leaving legacy SIEMs.

Bank Info Security 1 year, 1 month ago

Mirai Botnets Exploit Flaw in Unpatched Wazuh Servers

Modular Mirai Malware Code Strikes AgainNo fewer than two separate Mirai botnets are on the hunt for unpatched servers hosting open source SIEM solution Wazuh, an unusual variation of hackers' typical focus on Internet of Things devices for stringing together infected computers. Akamai dates the first campaign to March, the other to May.

US, Australian Cyber Agencies Say Visibility Gaps Threaten Detection and ResponseThe Cybersecurity and Infrastructure Security Agency issued new guidance urging organizations to streamline Security Information and Event Management platform integration by prioritizing impactful log data and reducing blind spots that continue to plague even mature security operations centers.

Bank Info Security 1 year, 7 months ago

Here's Where Top Cybersecurity Vendors Stand as 2025 Nears

Palo Alto, CrowdStrike, Zscaler Eye Firewall, SIEM Replacement, Incident RecoveryThree of the world's largest pure-play cybersecurity vendors recently reported earnings, grappling with SIEM and firewall displacement opportunities along with rebounding from a massive outage. Palo Alto Networks Continues to reap the benefits of buying IBM's QRadar SaaS business.

Bank Info Security 1 year, 8 months ago

ConnectWise's Rivelo Aims to Secure SMBs With MSP Platform

New CEO Manny Rivelo Focuses on Security, Acquisitions to Empower MSPs, SMBsNew ConnectWise CEO Manny Rivelo is prioritizing security and new acquisitions, aiming to provide MSPs with a streamlined, multi-tenant platform. His vision offers an integrated approach to securing SMBs amid a dynamic threat landscape with capabilities like backup, MDR and managed SIEM.

Purchase Adds Advanced AI Network Detection to Logpoint's Threat Response ToolboxLogpoint acquires Muninn to integrate its AI-based NDR technology, enhancing threat detection and response capabilities in its SIEM platform. This move supports Logpoint's mission to defend OT and ICS systems against ransomware attacks by combining visibility from networks and applications.

Bank Info Security 2 years, 1 month ago

Microsoft, Palo Alto, CrowdStrike Lead XDR Forrester Wave

Palo Alto Networks Reaches Leaderboard While Trend Micro Falls to Strong PerformerThe XDR market has matured significantly, Forrester found. Leading vendors such as Microsoft, Palo Alto Networks and CrowdStrike are supporting diverse telemetry sources and developing strategies to replace traditional SIEM tools. These advancements give better detection quality and cost management.

CrowdStrike CEO Says Market Embracing AI-Driven Security Platform for ConsolidationGeorge Kurtz said CrowdStrike's Falcon platform is leading the way in cybersecurity consolidation, with deals involving cloud, identity or SIEM doubling year-over-year. Customer are seeing significant cost savings and faster response times, which Kurtz said has solidified CrowdStrike's position.

SIEM Provider Focuses on Acquisitions, Partner Channels, European Union ComplianceNew Logpoint CEO Mikkel Drucker is leading the charge for profitable growth with a strategy centered on acquisitions, expanding partner channels and adhering to strict European Union compliance standards. The focus is on enhancing platform capabilities to serve the midmarket.

Forrester's Allie Mellen on How Palo-QRadar and LogRhythm-Exabeam Will Reshape SIEMWith LogRhythm and Exabeam merging and Palo Alto Networks purchasing IBM's QRadar SaaS assets, the security operations market is undergoing rapid transformation. Forrester Principal Analyst Allie Mellen discusses the implications of these massive moves for the future of the SIEM market.

Loading more headlines...